contador web Skip to content

New Trojan records PC screen while user accesses porn site | Security

A trojan known as Varenyky able to record users' screen while watching porn online. The malware has spread through spam emails and targets employees of Orange S.A, France's leading telecommunications company. The discovery of the threat, which can be used in sixth blows, was announced on Thursday (8) by security company ESET.

READ: Porn app used in scam to steal money

Investigations point out that Varenyky's activities began in May. The trojan distributed from emails containing a fake invoice attached in Word document format. When opened, the infected .doc file checks if it is the default Windows language for running spambot. If the computer is configured in another language, the Trojan is not installed.

Spam emails spread trojan Varenyky Photo: Divulgao / ESETSpam emails spread trojan Varenyky Photo: Divulgao / ESET

Spam emails spread trojan Varenyky Photo: Divulgao / ESET

Want to buy a cell phone, TV and other discounted products? Meet the Compare dnetc

After infection, Varenyky runs Tor software, which allows anonymous communication between command and control (C&C) servers and, consequently, remote access to the victim's computer. It (the trojan) initiates two lines of action: one responsible for spamming and one that can execute commands from its C&C server, ESET said in a statement.

The trojan was programmed, among other things, to scan the browser for sex-related window titles, such as porn, xxx and pornhub. Upon discovering any of these keywords, Varenyky starts recording the computer screen from the FFmpeg program, previously downloaded by the Tor network without user science. The final video is sent to the command and control server.

In addition to espionage, malware is capable of stealing passwords and sending spam almost imperceptibly, as if they were part of regular Internet traffic.

Keywords searched for trojan Varenyky Photo: Divulgao / ESETKeywords searched for trojan Varenyky Photo: Divulgao / ESET

Keywords searched for trojan Varenyky Photo: Divulgao / ESET

ESET researchers have also detected the use of Varenyky in a six-piece scam that called for a bitcoin ransom to not disclose compromising content on the Internet. According to the email found by the company, the hackers would be in possession of a video divided into two screens. The first half would be a recording of the user's browser, while the other half would be a webcam shoot showing the person reacting to the porn.

However, ESET pointed out that the campaign resembles other common scams and that there is no evidence as to the use of the video recorded by the Trojan operator for the sixth. It is not known if these videos were recorded out of curiosity by the authors of the spambot or with the intention of monetizing them through sextape blows, the company said.

Via ESET and Bleeping Computer

A website link directs me to the wrong pages. virus? Ask questions on the dnetc forum.

What ransomware: five tips to protect yourself

What ransomware: five tips to protect yourself